libopus 1.1.4

Jan 20, 2017

This Opus 1.1.4
release fixes a single bug. A specially-crafted Opus packet could cause
an integer wrap-around in the SILK LSF stabilization code. This would cause
an out-of-bounds read 256 bytes before a constant table. In most circumstances,
the consequences are harmless and the result is simply noise in the audio.

This was reported as CVE-2017-0381.
Contrary to that report, our own analysis shows that no
remote code execution is possible. However, we are making this release
as a precaution.